 <?php
include '../config.php';
function clean($str) {
  $str = @trim($str);
  if(get_magic_quotes_gpc()) {
    $str = stripslashes($str);
  }
  return mysql_real_escape_string($str);
}
$user = clean($_POST['username']);
$password =md5(clean($_POST['password']));
$query = mysql_query("SELECT * FROM user WHERE uName = '$user' AND uPassword = '$password' ")
or die(mysql_error());
if(mysql_num_rows($query)>0)
{
  $row = mysql_fetch_array($query);
  session_start();
  $_SESSION['user'] =$row['uName'];
  $_SESSION['fName']=$row['Firstname'];
  $_SESSION['lName']=$row['Lastname'];
  $_SESSION['email']=$row['Email'];
  $_SESSION['address']=$row['uAddress'];
  $_SESSION['uId'] = $row['uID'];
  echo 'true';
}
else
{
  echo "Username or password was incorrect!";
} 
mysql_close($con);
?>